#VU966 Privilege escalation in Microsoft products - CVE-2016-0075
Published: October 13, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU966
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2016-0075
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Windows
Windows RT
Windows Server
Windows
Windows RT
Windows Server
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a local user to obtain elevated privileges and view potentially sensitive data on the target system.
The vulnerability exists due to insufficient access control by a Windows kernel API on an affected system when handling access to sensitive registry information. A local user can gain potentially sensitive information that may be used to conduct further attacks.
Successful exploitation of this vulnerability will result in disclosure of important data on the vulnerable system.
Remediation
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.